Infosec 2015 A top GCHQ official opened the Infosecurity Europe trade show in London with an on-message keynote that focused on promoting best practice rather than dealing with Edward Snowden and the ongoing controversy over the so-called Snoopers’ Charter.
Ciaran Martin, director general of cyber-security at GCHQ, gave a broad overview of the threat landscape before going on advise delegates to focus on getting the basics right and promoting government schemes, such as the Cyber Essentials programme.
Martin started off his presentation with a suggestion that the denial of cyber-security is the Y2K bug of this generation. A variety of hackers motivated by either “money, power or propaganda” stand ready to ransack corporate systems, he told a packed audience at London’s Olympia.
Martin said GCHQ "reluctantly" takes on the role of top scarer, comparing GCHQ's role to a character in Pixar’s Monsters Inc. GCHQ – now 96 years old – has always had an information assurance role, but its function as a signal intelligence agency has always had a higher public profile.
This intelligence role has been the source of privacy controversy since the revelations of Edward Snowden. Martin, in best civil servant mode, said the balance between security and privacy is a matter for debate in parliament, which is due to discuss the Investigatory Powers Bill. The senior GCHQ official made no mention of Snowden, beyond suggesting that reports of overarching surveillance were well wide of the mark and that GCHQ’s intelligence role helped in defence.
Martin said GCHQ doesn't talk about who it helps. "Infosec 2115 might have a historical talk on our files,” he joked, during a speech that touched on the centuries-old debate among historians about the fall of the Roman Empire.
Martin’s well-drilled presentation was punctuated with only one question from the audience. A delegate asked if GCHQ could be considered a threat actor due to its promotion of backdoors in products. Are its activities encouraging UK tech firms to leave the country?
The two-part, commendably forensic question made reference to the call by law enforcement and intel agencies to leave encryption backdoors in products and services – a demand fiercely resisted by IT giants. It also related to reported plans by some UK tech firms – ind.ie and most recently Eris Industries – to quit Blighty over the Snoopers’ Charter.
Martin didn’t answer the question directly in his own capacity, instead referring to comments by business leaders that surveillance was having no effect on the growing UK IT industry. ®